SC-200 focuses on investigating, responding to, and hunting cyber threats using Microsoft Sentinel and Microsoft Defender technologies.
SC-200 is designed for professionals working in security operations roles. The course focuses on detecting, investigating, and responding to cyber threats across cloud and endpoint environments.Participants learn to use Microsoft 365 Defender, Defender for Endpoint, and Defender for Cloud to mitigate threats. Microsoft Sentinel is introduced as the central SIEM and SOAR platform.Kusto Query Language is used for detection, analysis, reporting, and threat hunting. The course also covers configuring data connectors, creating detections, and automating responses.The content aligns with the SC-200 exam and the Security Operations Analyst Associate certification.
SC-200 emphasizes operational response rather than policy design.Threat hunting skills are critical for detecting unknown attacks.
“Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel.”
AZ-500 is a four-day course for IT security professionals who secure Microsoft Azure environments. It focuses on implementing security controls, maintaining security posture, and identifying and remediating vulnerabilities.
View courseFour-day course on implementing and managing identity and access solutions using Microsoft Azure AD. Covers identity configuration, conditional access, application access management, and identity governance. Aligned with Microsoft Identity and Access Administrator Associate certification.
View courseSC-400 is a two-day course focused on information protection and governance in Microsoft 365 environments. It covers implementing data loss prevention, sensitive information types, sensitivity labels, retention policies, and message encryption.
View courseSC-200 covers proactive threat hunting using Microsoft Sentinel queries, bookmarks, livestream, and notebooks.
byAlexis HIRSCHHORN
SC-200 uses KQL to query logs, analyze threats, build detections, and perform threat hunting.
byAlexis HIRSCHHORN
SC-200 uses Microsoft Sentinel as the central SIEM and SOAR platform for detection, investigation, and response.
byAlexis HIRSCHHORN
SC-200 is designed for Security Operations Analysts responsible for monitoring, investigating, and responding to threats.
SC-200 covers proactive threat hunting using Microsoft Sentinel queries, bookmarks, livestream, and notebooks.
SC-200 uses Microsoft Sentinel as the central SIEM and SOAR platform for detection, investigation, and response.
SC-200 uses KQL to query logs, analyze threats, build detections, and perform threat hunting.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.